The Rise of Ransomware

More companies are being held hostage. Spear phishing is fueling the epidemic.



Ransomware is on the rise. An estimated 714 million ransomware attacks were attempted by the close of 2021, a 134% increase over the previous year. As the favored tool of threat actors ranging from financially motivated cybercriminals to nation-state groups, this devastating attack is a menace to businesses of every size, in every industry. Cybersecurity Ventures estimates the worldwide cost of ransomware at $20 billion in 2021 and expects that figure to reach $265 billion by 2031. The ransomware crisis keeps getting worse, and harder to defend against.

One reason for that difficulty is that the most common delivery vector for ransomware is spear phishing, and phishing has exploded. The top data breach threat for three consecutive years, phishing is a plague on organizations: 80% of IT professionals saw a substantial increase in phishing attacks, including those carrying ransomware, in 2021. Rising email volumes from remote work and the shift to cloud-based operations give cybercriminals more chances to land phishing messages carrying ransomware in employee inboxes.

Phishing is extremely difficult to defend against because of its versatility and its reliance on social engineering. Far too often, humans unwittingly help attackers gain a foothold in company networks or devices because they fall for the lure of a phishing email. An estimated 97% of employees across a wide array of industries are unable to recognize a sophisticated phishing email.

Old Tricks, New Victims

As the world grows more interconnected, ransomware operators have expanded their targeting to industries and organizations that weren't previously on the hit list. An estimated 50% of ransomware attacks in 2021 hit businesses with fewer than 100 employees. The rise of the ransomware-as-a-service (RaaS) model, which lets smaller cybercrime groups punch above their weight class, has also contributed to the flood of ransomware attacks that businesses face daily.

Ransomware operators are also seeking new sources of valuable (and profitable) data. The Verizon Data Breach Investigations Report 2021 reports that the number of data breaches involving ransomware doubled in 2021. About 70% of data loss incidents were the result of "obscuration", the classification that report uses for breaches in which data was encrypted during a successful ransomware attack.

A Big Payday

A successful ransomware attack can net bad actors more than data to sell on the dark web: it can also bring in a straight-up extortion payment. About 52% of organizations hit with ransomware choose to negotiate with the extortionists or simply pay the ransom demanded, especially organizations running time-sensitive operations or critical infrastructure. Cybercriminals know this and exploit it for a fat payday. The average ransomware payment climbed 82%, from $234,000 in 2020 to a record $570,000 in 2021.

Paying extortionists is never a good idea, but it is the route many companies take to escape a ransomware attack. Unfortunately, paying doesn't always produce the desired result. Fewer than 60% of companies that pay the ransom are able to recover even part of their data, and 39% of companies that pay never see any of their data again. Paying can also be illegal: in the US, for example, a payment that reaches a sanctioned group or individual can violate OFAC sanctions regulations regardless of the victim's intent.

Beyond the Ransom

The damage that businesses suffer from a ransomware attack doesn't stop when the company's systems and data are decrypted. Unitrends researchers determined that for companies that have faced ransomware head on, data loss (22.34%) and downtime (22.13%) were the most commonly reported consequences. Rounding out the top five were reputation damage (15.24%), lost profits (13.57%) and compliance failures (9.39%). All five of these keep the expense of a ransomware incident snowballing, creating major danger for the long-term viability of the victimized business.

Phishing Delivers Ransomware

IBM's Cyber Resilient Organization Study breaks down exactly how ransomware attacks arrive at targeted organizations. When considering organizations that sustained at least one attack, researchers determined that four major causes represented the catalyst for most ransomware events.

By far the most common way for ransomware to take root in an organization's environment is through phishing, and employees have an unfortunate tendency to fall for phishing messages. About 60% of employees said they have opened emails they weren't fully confident were safe. Employees don't stop at opening them, either; they also interact with suspicious messages at an alarming rate. One in three employees is likely to click the links in a phishing email, and one in eight is likely to share information requested in one. This makes it easy for ransomware gangs to persuade employees to visit a poisoned URL or hand over their passwords, letting bad actors walk right through your defenses.

Stop Phishing to Stop Ransomware

While not all ransomware infections start with phishing, almost half do. That makes phishing prevention the most effective single way to reduce your exposure to ransomware. Here are a few steps your organization can take to combat these attacks:

DMARC

Any company with a domain name can use DMARC to reduce spam and phishing that impersonates its domain. DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that builds on SPF and DKIM: the domain owner publishes a DNS TXT record at _dmarc.<domain> stating what a receiver should do with mail that fails authentication (p=none, p=quarantine or p=reject), and a receiving mail server applies that policy to any message whose From domain has no SPF or DKIM pass aligned with it. The record can also request aggregate reports (rua=), which is how you learn who is sending mail as your domain before you move from p=none to an enforcing policy. Note the limits: DMARC protects against direct spoofing of a domain, and only at receivers that actually evaluate it. Your own record protects your customers, partners and staff from mail forged as your domain. To be protected from mail forged as your vendors, partners and customers (your trusted supply chain), those organizations have to publish SPF, DKIM and an enforcing DMARC policy, and your mail gateway has to check it. DMARC does nothing against lookalike domains, against phishing sent from a legitimate but compromised account, or against messages sent from unrelated domains the attacker owns, which is why it is one layer of phishing defense and not a complete one.
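The following is an added worked example, not code from the original post or from Graphus. It models the decision a receiving mail server makes once SPF and DKIM have already been evaluated: look up the From domain's DMARC record, parse it, test whether an authenticated identifier aligns with the From domain under the record's alignment mode, and return the domain owner's requested disposition. DNS is replaced by a constructed in-memory table so the example runs offline; every domain name, record and function name below (FAKE_DNS_TXT, parse_dmarc, evaluate and so on) is made up for illustration. The last case shows the limit described above: a lookalike domain an attacker controls passes its own DMARC check.

```python
"""DMARC record parsing and identifier-alignment check (added example,
not code from the original post or from Graphus). All domains, records
and the in-memory DNS table are constructed for illustration."""
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed stand-in for TXT lookups of _dmarc.<domain> (not real DNS data).
FAKE_DNS_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com",
    "_dmarc.vendor-example.net": "v=DMARC1; p=none; rua=mailto:reports@vendor-example.net",
    # partner-example.org publishes no record at all.
    # A lookalike domain controlled by an attacker can publish its own, valid record:
    "_dmarc.examp1e.com": "v=DMARC1; p=reject",
}


@dataclass
class DmarcRecord:
    policy: str                # requested disposition for failing mail: none | quarantine | reject
    adkim: str = "r"           # DKIM alignment mode: r (relaxed) or s (strict)
    aspf: str = "r"            # SPF alignment mode
    rua: Optional[str] = None  # where aggregate reports are sent


def parse_dmarc(txt: str) -> DmarcRecord:
    """Parse a DMARC TXT record; raise ValueError if it is not one."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a DMARC record: needs v=DMARC1 and a p= tag")
    if tags["p"] not in ("none", "quarantine", "reject"):
        raise ValueError(f"unknown policy {tags['p']!r}")
    return DmarcRecord(policy=tags["p"], adkim=tags.get("adkim", "r"),
                       aspf=tags.get("aspf", "r"), rua=tags.get("rua"))


def lookup_dmarc(from_domain: str) -> Optional[DmarcRecord]:
    """Fetch and parse _dmarc.<from_domain> from the constructed DNS table."""
    txt = FAKE_DNS_TXT.get(f"_dmarc.{from_domain.lower()}")
    return parse_dmarc(txt) if txt else None


def org_domain(domain: str) -> str:
    """Crude organizational-domain reduction (last two labels). Real receivers
    consult the Public Suffix List so that example.co.uk is not cut to co.uk."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict mode needs an exact match; relaxed accepts the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(from_domain: str, spf_result: str, spf_domain: Optional[str],
             dkim_result: str, dkim_domain: Optional[str]) -> Tuple[str, str]:
    """Return (disposition, reason). spf_domain is the MAIL FROM domain that SPF
    authenticated; dkim_domain is the d= of a DKIM signature that verified."""
    rec = lookup_dmarc(from_domain)
    if rec is None:
        return "no-policy", "From domain publishes no DMARC record; spoofing it is not policed"
    spf_ok = spf_result == "pass" and spf_domain is not None and aligned(from_domain, spf_domain, rec.aspf)
    dkim_ok = dkim_result == "pass" and dkim_domain is not None and aligned(from_domain, dkim_domain, rec.adkim)
    if spf_ok or dkim_ok:
        return "pass", "an authenticated identifier aligns with the From domain"
    return rec.policy, f"no aligned SPF or DKIM pass; domain owner requests p={rec.policy}"


if __name__ == "__main__":
    cases = [
        # legitimate mail: SPF passed for a bounce subdomain, relaxed aspf accepts it
        ("example.com", "pass", "bounce.example.com", "none", None),
        # direct spoof: the attacker's own MAIL FROM domain passes SPF but does not align
        ("example.com", "pass", "attacker-example.biz", "none", None),
        # adkim=s: a signature from a subdomain is not enough under strict alignment
        ("example.com", "fail", None, "pass", "mail.example.com"),
        # vendor with p=none: failures are only reported, never blocked
        ("vendor-example.net", "fail", None, "fail", None),
        # partner with no record at all
        ("partner-example.org", "fail", None, "fail", None),
        # lookalike domain the attacker controls sails through its own DMARC check
        ("examp1e.com", "pass", "examp1e.com", "pass", "examp1e.com"),
    ]
    for case in cases:
        print(case[0], "->", evaluate(*case))
```

Two things are deliberately simplified: org_domain uses the last two labels where a real receiver uses the Public Suffix List, and the pct= tag (which lets a domain apply its policy to only a sample of failing mail) is ignored. The second case is the one DMARC exists for, and the last two cases are the ones it cannot help with.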

Security Awareness Training

Training your employees to spot malicious emails is another way to lower the probability of a successful phishing attack, but it will never stop phishing completely. In a UK study of phishing simulations, researchers found that 40% to 60% of the employees surveyed were likely to open malicious links or attachments at the start of the study. In follow-up testing after about six months of training, the share of employees who took the bait fell to between 20% and 25% in every industry. Further training produced a steeper drop: after three to six more months, the share of employees who opened phishing messages fell to just 10% to 18%. Even so, well-trained employees still fall for the bait sometimes, so training has to be backed by technical controls.

Your Business Needs Automated Phishing Protection from Graphus

No organization can take chances when it comes to cybersecurity, especially phishing defense. About 60% of businesses that experience a cyberattack like ransomware go out of business within six months. Your employees' inboxes are besieged daily with phishing messages that could be carrying ransomware. DMARC and security awareness training don't stop that from happening. That means that your business is just a click away from disaster.

However, Graphus can save the day. Our patented TrustGraph technology puts a powerful shield between phishing and your business to stop phishing immediately. Automated email security solutions spot and stop 40% more phishing messages than conventional security or a Secure Email Gateway (SEG). Machine learning ensures that your protection grows with your business instead of growing obsolete, at a fraction of the cost of competing solutions.

Using graph theory, machine learning and artificial intelligence algorithms to identify trusted relationships between your employees and the people they communicate with, Graphus virtually eliminates the threat of phishing and ransomware attacks delivered through email, automatically identifying and eliminating even sophisticated, socially engineered cyberthreats. While people are easily fooled, Graphus is not.

Plus, Graphus is virtually plug-and-play, with no complex configurations or tinkering required. Graphus also isn't dependent on technicians to upload safe sender lists or threat reports to get the job done. The AI never takes a day off monitoring your company's unique communication patterns to quickly spot trouble. It takes care of phishing threats automatically without human intervention, 24/7/365.

All of these advantages add up to an important conclusion — now is the perfect time to eliminate humans from the equation and really defend your business from ransomware and phishing with powerful, affordable and automated email security from Graphus.